CN111917534B - Multicast data transmission method for embedding ciphertext strategies in message - Google Patents

Publication number: CN111917534B
Authority: CN (China)
Prior art keywords: multicast, ciphertext, data, receiver, strategy
Legal status: Active
Application number: CN202010554823.4A
Other languages: Chinese (zh)
Other versions: CN111917534A (en)
Inventors: 詹晋川, 张帆, 周志远, 熊浩, 张啸宇
Current Assignee: Shenzhen Forward Industrial Co Ltd
Original Assignee: Shenzhen Forward Industrial Co Ltd
Priority date: 2020-06-17
Filing date: 2020-06-17
Publication date: 2023-12-15

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/02 Details
    • H04L12/16 Arrangements for providing special services to substations
    • H04L12/18 Arrangements for providing special services to substations for broadcast or conference, e.g. multicast
    • H04L12/185 Arrangements for providing special services to substations for broadcast or conference, e.g. multicast with management of multicast group membership

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a multicast data transmission method for embedding ciphertext strategies in messages, and relates to the technical field of network security. The method comprises the following steps: the multicast source generates a ciphertext policy tree from an AES key and a decryption policy; the multicast source encrypts the multicast data with the AES key to generate ciphertext data; the multicast source binds the ciphertext policy tree and the ciphertext data together into a bound data packet and sends it to all multicast receivers; the target multicast receiver obtains the AES key by decrypting the ciphertext policy tree and uses it to decrypt the ciphertext data, obtaining the multicast data. The invention achieves encryption of one-to-many multicast messages: even if an illegitimate receiver joins a multicast task and acquires the encrypted data, it cannot decrypt the multicast data, and within the same multicast task the multicast source can conveniently modify the ciphertext policy at any time to control whether a receiver can decrypt.

Description

Multicast data transmission method for embedding ciphertext strategies in message
Technical Field
The invention relates to the technical field of network security, in particular to a multicast data transmission method for embedding a ciphertext strategy in a message.
Background
With the development of the Internet, more and more data, voice and video information is exchanged over the network. At the same time, new services such as e-commerce, online conferencing, online auctions, video on demand and remote teaching mostly follow a point-to-multipoint pattern, which places higher demands on network bandwidth. Conventional unicast and broadcast communication cannot achieve single-point transmission and multipoint reception with minimal network overhead.
IP multicast technology emerged to solve these problems; it is a point-to-multipoint transmission mode. When some users in the network need specific data, the multicast data sender (the multicast source) sends the data only once. A multicast routing protocol establishes a multicast distribution tree for the multicast packets, and the data is replicated and distributed only after it reaches a node as close as possible to the user side.
IP multicast has been developed for more than a decade. Many international organizations have done a great deal of work on multicast technology research and service development, and multicast communication technologies are maturing. However, the security of multicast data in transit is not well guaranteed: the data is usually transmitted in plaintext and is easily intercepted by a third party. Moreover, in an IP network any terminal or user can easily join a multicast task, and there is no mechanism for verifying multicast receivers. Traditional encryption technology provides only point-to-point encryption and is not suited to point-to-multipoint multicast scenarios.
Disclosure of Invention
The invention provides a multicast data transmission method for embedding a ciphertext policy in a message, which can alleviate the above problems.
To alleviate these problems, the invention adopts the following technical solution:
A multicast data transmission method for embedding ciphertext policies in messages comprises the following steps:
S1. Each multicast receiver acquires its own attribute and a private key corresponding to that attribute, generated according to a CP-ABE algorithm;
S2. The multicast source determines a target multicast receiver, randomly generates an AES key, formulates a decryption policy according to the attribute of the target multicast receiver, and generates a ciphertext policy tree according to policy generation conditions, wherein the policy generation conditions comprise the AES key and the decryption policy;
S3. The multicast source encrypts the multicast data with the AES key to generate ciphertext data;
S4. The multicast source binds the ciphertext policy tree and the ciphertext data together to generate a network data packet, and transmits the network data packet to all multicast receivers;
S5. Each multicast receiver parses the ciphertext policy tree and the ciphertext data from the network data packet;
S6. Each multicast receiver decrypts the ciphertext policy tree according to its own decryption conditions, wherein the decryption conditions comprise the private key generated according to the attribute of the multicast receiver; only a target multicast receiver, whose attribute matches the ciphertext policy tree, can decrypt the ciphertext policy tree to obtain the AES key;
S7. The target multicast receiver decrypts the ciphertext data with the AES key to obtain the plaintext multicast data.
The technical effect of this solution is as follows: the problem of encrypting one-to-many multicast messages is solved, since the multicast source encrypts once and multiple receivers can decrypt at the same time according to their attributes, so multicast data is no longer transmitted in plaintext over the network. Network behaviour is unchanged: an illegitimate receiver can still join a multicast task by some means, but because all of the multicast data is encrypted, it cannot decrypt the data or obtain the plaintext even after joining the multicast and receiving the data. Within the same multicast task, the multicast source can conveniently modify the decryption policy to control the decryption authority of the multicast receivers.
Further, the policy generation conditions also comprise a random number and public parameters, wherein the random number is generated by the multicast source and the public parameters are the parameters required by the CP-ABE algorithm; the decryption conditions also include the public parameters.
Further, the public parameters are generated by the PKG server and are published in the network in which the multicast group is located.
Further, the attribute and the private key of each multicast receiver are generated centrally by the PKG server.
The technical effect of this solution is as follows: key pairs are generated under unified management, which is safe and reliable.
Further, the attribute and private key generated by the PKG server are stored in a Ukey and then copied offline to each multicast receiver.
The technical effect of this solution is as follows: the security and confidentiality of the private key are ensured, and interception by others on the network is avoided.
Further, the attribute of each multicast receiver is published by the PKG server in the network where the multicast group is located.
Further, the target multicast receiver refers to a multicast receiver that is required to be able to decrypt and obtain the multicast data in the data transmission task.
Further, the AES key is a symmetric key, and the multicast data is encrypted or decrypted using the AES algorithm.
The technical effect of this solution is as follows: the AES algorithm is fast, has very low memory requirements, is suitable for constrained environments, and allows flexible design of the block length and the key length.
In order to make the above objects, features and advantages of the present invention more comprehensible, embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the embodiments will be briefly described below, it being understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and other related drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flowchart of a multicast data transmission method in an embodiment of the present invention;
Fig. 2 is a schematic diagram showing distribution of the attributes and private keys of multicast group members according to an embodiment of the present invention;
Fig. 3 is a schematic block diagram of an encryption process of a multicast source according to an embodiment of the present invention;
Fig. 4 is a schematic block diagram of a decryption process of a target multicast receiver according to an embodiment of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. The components of the embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the invention, as presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Referring to fig. 1, fig. 2, fig. 3 and fig. 4, an embodiment of the present invention discloses a multicast data transmission method for embedding a ciphertext policy in a message, which specifically includes:
S1. Each multicast receiver acquires its own attribute and a private key corresponding to that attribute, generated according to a CP-ABE algorithm;
S2. The multicast source determines a target multicast receiver, formulates a decryption policy (such as id > 2 and level > 1) according to the attribute of the target multicast receiver, randomly generates an AES key, and generates a ciphertext policy tree according to policy generation conditions, wherein the policy generation conditions comprise the AES key and the decryption policy; the target multicast receiver refers to a multicast receiver that is required to be able to decrypt and obtain the multicast data in the data transmission task;
S3. The multicast source encrypts the multicast data with the AES key to generate ciphertext data;
S4. The multicast source binds the ciphertext policy tree and the ciphertext data together to generate a network data packet, which replaces the plaintext data that would originally have been transmitted, and sends the network data packet to all multicast receivers;
S5. Each multicast receiver parses the ciphertext policy tree and the ciphertext data from the network data packet;
S6. Each multicast receiver decrypts the ciphertext policy tree according to its own decryption conditions, wherein the decryption conditions comprise the private key generated according to the attribute of the multicast receiver. If a receiver's attribute does not satisfy the decryption policy formulated by the multicast source, the AES key cannot be recovered and decryption fails; the AES key can be correctly decrypted only if the receiver's attribute satisfies the decryption policy formulated by the multicast source. In this embodiment, only the attribute of the target multicast receiver matches the ciphertext policy tree, so only the target multicast receiver can decrypt the AES key using its private key;
S7. The target multicast receiver decrypts the ciphertext data with the AES key to obtain the plaintext multicast data.
In this embodiment, the multicast receivers include terminal 1, terminal 2, terminal 3 and terminal 4. Each multicast receiver must acquire its own attribute and attribute-based private key in advance; for example, the attribute of multicast receiver terminal 1 is Att_1 (id=001, level=1) and the corresponding private key is priv_1. The attribute may be public, but the private key must not be leaked.
In this embodiment, the policy generation conditions further include a random number s and public parameters, where the random number is generated by the multicast source and the public parameters are the parameters required by the CP-ABE algorithm; the decryption conditions also include the public parameters.
In this embodiment, the public parameters and the attribute and private key of each multicast receiver are generated by the PKG server, and the public parameters and the attribute of each multicast receiver are published by the PKG server in the network where the multicast group is located.
In this embodiment, the attribute and private key generated by the PKG server are distributed as follows: they are stored in a Ukey and then copied offline to each multicast receiver.
In this embodiment, the AES key is a symmetric key, and the multicast data is encrypted or decrypted using the AES algorithm. In addition, other symmetric encryption algorithms such as DES, RC4 and the like can be used for encryption or decryption.
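How a random number s can be tied to a ciphertext policy tree, as an added example (not code from the patent): it assumes the threshold access-tree construction used by tree-based CP-ABE schemes such as Bethencourt-Sahai-Waters, which the patent does not name, and replaces the pairing arithmetic with plain Shamir shares so that it runs on the standard library alone. The function names, the field modulus, the value ranges and the attributes of terminals 2 to 4 are constructed for illustration.

```python
import secrets

# Toy prime field (assumption). Real CP-ABE uses the order of a pairing group.
P = 2**127 - 1

def gate(k, *children):
    """k-of-n threshold node: AND is k == n, OR is k == 1. Leaves are strings."""
    if not 1 <= k <= len(children):
        raise ValueError("threshold must be between 1 and the child count")
    return (k, children)

def _poly_eval(coeffs, x):
    acc = 0
    for c in reversed(coeffs):  # Horner's rule, coeffs[0] is the constant term
        acc = (acc * x + c) % P
    return acc

def share_secret(node, secret, path=()):
    """Source side: push `secret` down the tree, return {leaf path: (attr, share)}."""
    if isinstance(node, str):
        return {path: (node, secret)}
    k, children = node
    # Random polynomial q of degree k-1 with q(0) = secret; child i receives q(i).
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    shares = {}
    for i, child in enumerate(children, start=1):
        shares.update(share_secret(child, _poly_eval(coeffs, i), path + (i,)))
    return shares

def _interpolate_at_zero(points):
    """Lagrange interpolation of q(0) from k points (x, q(x)) over the field."""
    total = 0
    for xi, yi in points:
        num = den = 1
        for xj, _ in points:
            if xj != xi:
                num = (num * -xj) % P
                den = (den * (xi - xj)) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def recover_secret(node, shares, held, path=()):
    """Receiver side: rebuild the secret bottom-up, or None if `held` fails the policy."""
    if isinstance(node, str):
        attr, value = shares[path]
        # Stand-in for the pairing step: holding the attribute releases the share.
        return value if attr in held else None
    k, children = node
    points = []
    for i, child in enumerate(children, start=1):
        value = recover_secret(child, shares, held, path + (i,))
        if value is not None:
            points.append((i, value))
            if len(points) == k:
                return _interpolate_at_zero(points)
    return None

# The page's sample policy "id > 2 and level > 1", expanded into equality leaves
# over constructed value ranges (ids 001-004, levels 1-3).
POLICY = gate(2, gate(1, "id=003", "id=004"),
                 gate(1, "level=2", "level=3"))

# Constructed receivers; only terminal1's attributes come from the page.
RECEIVERS = {
    "terminal1": {"id=001", "level=1"},
    "terminal2": {"id=002", "level=3"},
    "terminal3": {"id=003", "level=2"},
    "terminal4": {"id=004", "level=1"},
}

def demo():
    s = secrets.randbelow(P)  # the multicast source's random number s
    shares = share_secret(POLICY, s)
    return {name: recover_secret(POLICY, shares, attrs) == s
            for name, attrs in RECEIVERS.items()}

if __name__ == "__main__":
    print(demo())
```

Because the leaf shares in this sketch are not bound to a per-receiver private key, the pooled attributes of terminal2 and terminal4 would also rebuild s; CP-ABE private keys carry per-user randomness to rule that out.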
The above description is only of the preferred embodiments of the present invention and is not intended to limit the present invention, but various modifications and variations can be made to the present invention by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (2)

1. A multicast data transmission method with ciphertext policies embedded in a message, characterized by comprising the following steps:
S1. each multicast receiver acquires its own attribute and a private key corresponding to that attribute, generated according to a CP-ABE algorithm;
S2. the multicast source determines a target multicast receiver, randomly generates an AES key, formulates a decryption policy according to the attribute of the target multicast receiver, and generates a ciphertext policy tree according to policy generation conditions, wherein the policy generation conditions comprise the AES key and the decryption policy;
S3. the multicast source encrypts the multicast data with the AES key to generate ciphertext data;
S4. the multicast source binds the ciphertext policy tree and the ciphertext data together to generate a network data packet, and transmits the network data packet to all multicast receivers;
S5. each multicast receiver parses the ciphertext policy tree and the ciphertext data from the network data packet;
S6. each multicast receiver decrypts the ciphertext policy tree according to its own decryption conditions, wherein the decryption conditions comprise the private key generated according to the attribute of the multicast receiver, and only a target multicast receiver, whose attribute matches the ciphertext policy tree, can decrypt the ciphertext policy tree to obtain the AES key;
S7. the target multicast receiver decrypts the ciphertext data with the AES key to obtain the plaintext multicast data;
the policy generation conditions further comprise a random number and public parameters, wherein the random number is generated by the multicast source and the public parameters are the parameters required by the CP-ABE algorithm; the decryption conditions also include the public parameters;
the public parameters are generated by a PKG server and are published in the network where the multicast group is located;
the attribute and the private key of each multicast receiver are generated centrally by the PKG server;
the attribute and the private key generated by the PKG server are stored in a Ukey and then copied offline to each multicast receiver;
the attribute of each multicast receiver is published by the PKG server in the network where the multicast group is located.
2. The multicast data transmission method with ciphertext policies embedded in a message according to claim 1, wherein the target multicast receiver refers to a multicast receiver that is required to be able to decrypt and obtain the multicast data in the data transmission task.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010554823.4A CN111917534B (en) 2020-06-17 2020-06-17 Multicast data transmission method for embedding ciphertext strategies in message

Publications (2)

Publication Number Publication Date
CN111917534A (en) 2020-11-10
CN111917534B (en) 2023-12-15

Family

ID=73237793

Country Status (1)

Country Link
CN (1) CN111917534B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant